Manufacturing sites of all kinds now find themselves potentially vulnerable to new types of cyber-attacks — the kinds that turn our own connected devices and equipment against us.
How to Keep Your Manufacturing Site Secure in the Age of the IIoT
Megan Ray Nichols | Schooled By Science
For all of the remarkable advantages offered by "Industry 4.0" and the Industrial Internet of Things, there's an equally long list of risks. More specifically, manufacturing sites of all kinds now find themselves potentially vulnerable to new types of cyber-attacks — the kinds that turn our own connected devices and equipment against us.
Why Take IIoT Threats Seriously?
Broadly, the term "Industry 4.0" refers to the digital networks that now power our industrial and manufacturing sites and processes and facilitate transparency and collaboration. It makes all the relevant data about your business operations more visible and actionable.
A connected conveyor belt in an assembly line, for example, can send your operators messages when the machine isn't working optimally or is about to fail. A connected delivery truck out on your driving routes, meanwhile, would benefit from cloud-based route planning to help seamlessly correct for traffic problems or other unforeseen events without delaying delivery.
So what should the manufacturing world be doing to protect itself against those who would leverage the IIoT to do damage? Here are four things to remember.
1. Remain Aware of Current Events in Technology and Cybersecurity
Cyber threats can be unique in that they sometimes leverage weaknesses we didn't even know existed under our own roofs. For this reason, it's imperative that you remain aware of current events across the industrial and cybersecurity landscape.
If you and your engineers and managers don't make the time to understand the threat landscape and take the proper measures to harden your digital infrastructure against misuse, the cost can be high. You'll likely recall the WannaCry attack of 2017, which saw the global economy hemorrhage billions of dollars in lost productivity. Experts say WannaCry 1.5 is ongoing and WannaCry 2.0 isn't far behind. Are you prepared?
IoT devices remain uniquely vulnerable to this type of attack since they're so physically widespread and frequently not taken seriously as a threat vector. And while the original WannaCry was "garden-variety" Windows malware, albeit deployed on a notable scale, industrial and manufacturing control systems represent huge opportunities for cybercriminals to bring operations to a grinding halt and even make off with proprietary operational data.
When most small businesses don't act even after a breach is detected, it's clear that a strong knowledge of this subject matter and a commitment to ongoing learning are both essential.
2. Make Sure Employees Know the Warning Signs and How to Elevate Concerns
The cultural element of industrial security can't be overlooked. It can be difficult for employees to feel confident elevating technical concerns when they notice something isn't working the way it should. They might feel like they're asking a "dumb" question that was covered in orientation. But bashfulness isn't an excuse not to loop in our superiors when we notice something amiss.
Maintaining an organization-wide commitment to security is step one. Each of your networks should have appropriate permissions established and should not be accessible to anybody who doesn't need to be there. Your employees should also know who to contact — and to do so immediately — if any of their devices or equipment doesn't seem to be working as expected or they have reason to believe one of their machines or work accounts might be compromised.
3. Map Your Network for a More Complete Understanding of Your Risk
A holistic approach to organizational security is a must. You probably have many connections and access points in the form of computer terminals and equipment throughout your manufacturing and product handling environments. That means many opportunities for breaches. A company with a dozen or so computers is probably small enough for a company IT department to police regularly without outside help. But for anything larger, you need to do better.
You can find tools that are available to help you make a basic map of your network. Professional security outfits can help you with this process too. The idea is to find and deal with every potential access point and even uncover some you didn't know about.
Until now, you may even have worked with "air-gapped" computers — which refers to computers not tied into your larger network or the internet proper — and assumed you were safe. Unfortunately, a careless employee or even an intruder can bring harm even to air-gapped networks with thumb drives and other devices compromised with malware.
4. Circle the Perimeter and Commit to Industry Standards
You can commit yourself to several standards on an institutional level, including ISA IEC 62443, which can help you cultivate the right talent and best practices within your company. These certifications cover specialties such as cybersecurity risk assessment, cybersecurity solutions design, maintenance and more.
The availability of such credentials and testing protocols serves as a keen reminder that ongoing learning is absolutely essential for any organization that wishes to keep abreast of the latest threats. This is also a good time to remember that IT and cybersecurity analysts are currently in high demand across all industries. High enough, in fact, for many to label the situation a shortage.
Whether you bring IT specialists onboard in a full-time capacity or choose to work with a vendor for network probing or even a cybersecurity software suite, they'll help you pay close attention to the perimeter of your networks and set up firewalls and intrusion detection software so that you know the moment an unauthorized presence is detected.
Make Security Your Competitive Edge
Some of the biggest companies in the world are staking their claims on security robustness as a serious selling point and competitive edge. Now, you can do the same. With some basic data and security hygiene within your operation, a strong defense of the perimeter of your networks and, more than likely, some help from a talented IT department or outside firm, you can protect your company's IIoT and profitability from harm.
The content & opinions in this article are the author’s and do not necessarily represent the views of ManufacturingTomorrow
Comments (0)
This post does not have any comments. Be the first to leave a comment below.